diff --git a/dist/apps/welcome/docker-compose.yaml b/dist/apps/welcome/docker-compose.yaml
new file mode 100644
index 0000000..60def8e
--- /dev/null
+++ b/dist/apps/welcome/docker-compose.yaml
@@ -0,0 +1,22 @@
+version: "3"
+
+services:
+  cyphernode_welcome:
+    environment:
+      - "TRACING=1"
+    image: cyphernode_welcome
+    volumes:
+      - "/Users/jash/go/src/cyphernode_welcome/data_docker:/data"
+    networks:
+      - cyphernodeappsnet
+    restart: always
+    labels:
+      - "traefik.docker.network=cyphernodeappsnet"
+      - "traefik.frontend.rule=PathPrefix:/welcome; PathPrefixStrip:/welcome"
+      - "traefik.frontend.passHostHeader=true"
+      - "traefik.enable=true"
+      - "traefik.port=8080"
+#      - "traefik.frontend.auth.basic.usersFile=${SHARED_HTPASSWD_PATH}"
+networks:
+  cyphernodeappsnet:
+    external: true
diff --git a/dist/apps/welcome/start.sh b/dist/apps/welcome/start.sh
new file mode 100644
index 0000000..8318bb2
--- /dev/null
+++ b/dist/apps/welcome/start.sh
@@ -0,0 +1,8 @@
+
+echo "SCRIPT_NAME: $SCRIPT_NAME"
+echo "SHARED_HTPASSWD_PATH: $SHARED_HTPASSWD_PATH"
+echo "APP_SCRIPT_PATH: $APP_SCRIPT_PATH"
+echo "APP_START_SCRIPT_PATH: $APP_START_SCRIPT_PATH"
+
+export SHARED_HTPASSWD_PATH
+docker-compose -f $APP_SCRIPT_PATH/docker-compose.yaml up -d --remove-orphans
diff --git a/dist/apps/welcome/stop.sh b/dist/apps/welcome/stop.sh
new file mode 100644
index 0000000..cdedfa2
--- /dev/null
+++ b/dist/apps/welcome/stop.sh
@@ -0,0 +1,7 @@
+
+echo "SCRIPT_NAME: $SCRIPT_NAME"
+echo "SHARED_HTPASSWD_PATH: $SHARED_HTPASSWD_PATH"
+echo "APP_SCRIPT_PATH: $APP_SCRIPT_PATH"
+echo "APP_START_SCRIPT_PATH: $APP_START_SCRIPT_PATH"
+
+docker-compose -f $APP_SCRIPT_PATH/docker-compose.yaml down
diff --git a/dist/apps/welcome/test.sh b/dist/apps/welcome/test.sh
new file mode 100644
index 0000000..1a5563f
--- /dev/null
+++ b/dist/apps/welcome/test.sh
@@ -0,0 +1,7 @@
+
+echo "SCRIPT_NAME: $SCRIPT_NAME"
+echo "SHARED_HTPASSWD_PATH: $SHARED_HTPASSWD_PATH"
+echo "APP_SCRIPT_PATH: $APP_SCRIPT_PATH"
+echo "APP_START_SCRIPT_PATH: $APP_START_SCRIPT_PATH"
+
+echo "No tests"
\ No newline at end of file
diff --git a/install/generator-cyphernode/generators/app/templates/installer/start.sh b/install/generator-cyphernode/generators/app/templates/installer/start.sh
index 1d5bb6d..a0c11d6 100644
--- a/install/generator-cyphernode/generators/app/templates/installer/start.sh
+++ b/install/generator-cyphernode/generators/app/templates/installer/start.sh
@@ -48,3 +48,33 @@ printf "\r\n\033[0;92mDepending on your current location and DNS settings, point
 printf "\r\n"
 printf "\033[0;95m<% cns.forEach(cn => { %><%= ('https://' + cn + ':'+ gatekeeper_port + '/status/\\r\\n') %><% }) %>\033[0m\r\n"
 printf "\033[0;92mUse 'admin' as the username with the configuration password you selected at the beginning of the configuration process.\r\n\r\n\033[0m"
+
+
+# be aware that randomly downloaded cyphernode apps will have access to
+# your configuration and filesystem.
+# !!!!!!!!! DO NOT INCLUDE APPS WITHOUT REVIEW !!!!!!!!!!
+# TODO: Test if we can mitigate this security issue by
+# running app dockers inside a docker container
+
+start_apps() {
+  local SCRIPT_NAME="start.sh"
+  local APP_SCRIPT_PATH
+  local APP_START_SCRIPT_PATH
+  local APP_ID
+
+  for i in "$current_path/apps/*"
+  do
+    APP_SCRIPT_PATH=$(echo $i)
+    if [ -d $APP_SCRIPT_PATH ]; then
+      APP_START_SCRIPT_PATH="$APP_SCRIPT_PATH/$SCRIPT_NAME"
+
+      if [ -f $APP_START_SCRIPT_PATH ]; then
+        APP_ID=$(basename $APP_SCRIPT_PATH)
+        source $APP_START_SCRIPT_PATH
+      fi
+    fi
+  done
+}
+
+. ./installer/config.sh
+start_apps
diff --git a/install/generator-cyphernode/generators/app/templates/installer/stop.sh b/install/generator-cyphernode/generators/app/templates/installer/stop.sh
index 7fc1279..aeaf1b3 100644
--- a/install/generator-cyphernode/generators/app/templates/installer/stop.sh
+++ b/install/generator-cyphernode/generators/app/templates/installer/stop.sh
@@ -11,3 +11,32 @@ export USER=$(id -u):$(id -g)
 export ARCH=$(uname -m)
 docker-compose -f $current_path/docker-compose.yaml down
 <% } %>
+
+# be aware that randomly downloaded cyphernode apps will have access to
+# your configuration and filesystem.
+# !!!!!!!!! DO NOT INCLUDE APPS WITHOUT REVIEW !!!!!!!!!!
+# TODO: Test if we can mitigate this security issue by
+# running app dockers inside a docker container
+
+stop_apps() {
+  local SCRIPT_NAME="stop.sh"
+  local APP_SCRIPT_PATH
+  local APP_START_SCRIPT_PATH
+  local APP_ID
+
+  for i in "$current_path/apps/*"
+  do
+    APP_SCRIPT_PATH=$(echo $i)
+    if [ -d $APP_SCRIPT_PATH ]; then
+      APP_START_SCRIPT_PATH="$APP_SCRIPT_PATH/$SCRIPT_NAME"
+
+      if [ -f $APP_START_SCRIPT_PATH ]; then
+        APP_ID=$(basename $APP_SCRIPT_PATH)
+        source $APP_START_SCRIPT_PATH
+      fi
+    fi
+  done
+}
+
+. ./installer/config.sh
+stop_apps
\ No newline at end of file